Merge branch 'main' into fix/code_spell_1139

Author: gvatsal60

.github/workflows/test-all.yaml

@@ -43,7 +43,6 @@ jobs:
         ]
         baseImage:
           [
-            "ubuntu:focal",
             "ubuntu:jammy",
             "debian:11",
             "debian:12",

.github/workflows/test-manual.yaml

@@ -9,7 +9,7 @@ on:
       baseImage:
         description: "Base image"
         required: true
-        default: "ubuntu:focal"
+        default: "ubuntu:noble"
       logLevel:
         description: "Log Level (info/debug/trace)"
         required: true

.github/workflows/test-pr.yaml

@@ -50,7 +50,6 @@ jobs:
         features: ${{ fromJSON(needs.detect-changes.outputs.features) }}
         baseImage:
           [
-            "ubuntu:focal",
             "ubuntu:jammy",
             "debian:11",
             "debian:12",

src/conda/devcontainer-feature.json

@@ -1,6 +1,6 @@
 {
   "id": "conda",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "name": "Conda",
   "description": "A cross-platform, language-agnostic binary package manager",
   "documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda",

src/conda/install.sh

@@ -86,10 +86,23 @@ accept_anaconda_tos_if_needed() {
 
     for channel in "https://repo.anaconda.com/pkgs/main" "https://repo.anaconda.com/pkgs/r"; do
         echo "Accepting Conda Terms of Service for ${channel}..."
+        # Accept as root (for install-time commands)
         "${CONDA_DIR}/bin/conda" tos accept --override-channels --channel "${channel}"
+        # Accept as the target user (for runtime usage)
+        sudo_if "${CONDA_DIR}/bin/conda" tos accept --override-channels --channel "${channel}"
     done
 }
 
+clean_conda_cache() {
+    "${CONDA_DIR}/bin/conda" clean --all --yes
+    find "${CONDA_DIR}" -type f -name '*.pyc' -delete
+    find "${CONDA_DIR}" -type d -name '__pycache__' -exec rm -rf {} +
+    rm -rf "${CONDA_DIR}/pkgs/cache" /root/.cache/pip
+    if [ "${USERNAME}" != "root" ]; then
+        rm -rf "/home/${USERNAME}/.cache/pip"
+    fi
+}
+
 # Install Conda if it's missing
 if ! conda --version &> /dev/null ; then
     if ! cat /etc/group | grep -e "^conda:" > /dev/null 2>&1; then
@@ -145,16 +158,7 @@ if ! conda --version &> /dev/null ; then
 
     find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s
 
-    # Temporary fixes
-    # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
-    install_user_package certifi
-    # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
-    install_user_package cryptography
-    # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
-    install_user_package setuptools
-
-    install_user_package pluggy
-
+    clean_conda_cache
 fi
 
 # Display a notice on conda when not running in GitHub Codespaces

test/conda/conda_channel_creation_with_root.sh

@@ -0,0 +1 @@
+conda_channel_creation.sh

test/conda/install_conda_package_after_upgrade_with_root.sh

@@ -0,0 +1 @@
+install_conda_package_after_upgrade.sh

test/conda/scenarios.json

@@ -1,6 +1,6 @@
 {
     "install_conda": {
-        "image": "ubuntu:noble",
+        "image": "mcr.microsoft.com/devcontainers/base:noble",
         "features": {
             "conda": {
                 "version": "latest",
@@ -9,12 +9,24 @@
         }
     },
     "install_conda_package_after_upgrade": {
-        "image": "ubuntu:noble",
+        "image": "mcr.microsoft.com/devcontainers/base:noble",
         "features": {
             "conda": {}
         }
     },
     "conda_channel_creation": {
+        "image": "mcr.microsoft.com/devcontainers/base:noble",
+        "features": {
+            "conda": {}
+        }
+    },
+    "install_conda_package_after_upgrade_with_root": {
+        "image": "ubuntu:noble",
+        "features": {
+            "conda": {}
+        }
+    },
+    "conda_channel_creation_with_root": {
         "image": "ubuntu:noble",
         "features": {
             "conda": {}